CVE-2014-8131
published 2015-01-06CVE-2014-8131: The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly handle locks when a domain is skipped due to ACL…
medium4CVSS 3.1
AVNACLAuSCNINAP
The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions, which allows a remote authenticated users to cause a denial of service (deadlock or segmentation fault and crash) via a request to access the users does not have privileges to access.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libvirt | < libvirt 1.2.9-7 (bookworm) | libvirt 1.2.9-7 (bookworm) |
| redhat | libvirt | <= 1.2.10 | — |
| redhat | libvirt | >= 0 < 1.2.9-7 | 1.2.9-7 |
| redhat | libvirt | >= 0 < 1.2.9-7 | 1.2.9-7 |
| redhat | libvirt | >= 0 < 1.2.9-7 | 1.2.9-7 |
| redhat | libvirt | >= 0 < 1.2.9-7 | 1.2.9-7 |
CVSS provenance
nvd4.0MEDIUMAV:N/AC:L/Au:S/C:N/I:N/A:P
osv4.0MEDIUM